4

A co-worker keeps mentioning SSH keys being associated with an IP address, but I'm not sure what it exactly means. So I tried generating an SSH key and it had my host name at the end of the file. This discussion came up when we were talking about sharing a host key among a bunch of hosts, and here the host key didn't have any host DNS or IP address attached to it. Can someone explain to me how the DNS/IP address in the host key file is associated with the key itself and what its absence means? Thanks.

2 Answers

3

The IP address or hostname at the end of a key is just a comment. By default, your username and the hostname where the key was generated are written there, but that comment is ignored for the purposes of authentication.

If you want to lock down an authorised ssh key so that it can only be used from specific hosts, you can put this in your authorized_keys file:

from="192.168.0.0/24" ssh-rsa BLAHBLAHYOURKEYGOESHERE someone@somewhere
                                                      ^^^^^^^^^^^^^^^^^ -- comment
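To show how the two fields in that line are treated differently, here is an added example (not part of the answer above, and not OpenSSH's own code) that parses an authorized_keys line the way sshd does, keeps the trailing comment purely as data, and evaluates the `from=` option against a client address using the pattern rules from sshd(8) (comma-separated list, `*`/`?` wildcards, CIDR blocks, `!` negation). The sample line, the placeholder key body and the client addresses are constructed for the example.

```python
import ipaddress
import re

# Constructed sample authorized_keys line. The key body is a placeholder, not a real key;
# the trailing "someone@somewhere" is the free-form comment discussed in the answer.
SAMPLE_LINE = ('from="192.168.0.0/24,!192.168.0.13,*.example.com" '
               'ssh-rsa AAAAB3NzaC1yc2EBLAHBLAHYOURKEYGOESHERE someone@somewhere')

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def parse_authorized_key(line):
    """Split one authorized_keys line into (options, keytype, key, comment).

    sshd only treats the leading field as options when it is not a key type.
    Options may contain quoted values with spaces, so the split is on the
    first space that lies outside double quotes."""
    line = line.strip()
    options = ""
    if not line.startswith(KEY_TYPE_PREFIXES):
        i, quoted = 0, False
        while i < len(line):
            if line[i] == '"':
                quoted = not quoted
            elif line[i] == " " and not quoted:
                break
            i += 1
        options, line = line[:i], line[i:].strip()
    parts = line.split(None, 2)
    keytype, key = parts[0], parts[1]
    comment = parts[2] if len(parts) > 2 else ""   # never consulted for authentication
    return options, keytype, key, comment


def parse_options(options):
    """Turn 'from="a,b",no-pty' into {'from': 'a,b', 'no-pty': None}.
    Commas inside a quoted value belong to the value, not to the option list."""
    result, i, n = {}, 0, len(options)
    while i < n:
        j = i
        while j < n and options[j] not in "=,":
            j += 1
        name = options[i:j]
        if j < n and options[j] == "=":
            j += 1
            if j < n and options[j] == '"':
                k = options.index('"', j + 1)
                value, j = options[j + 1:k], k + 1
            else:
                k = j
                while k < n and options[k] != ",":
                    k += 1
                value, j = options[j:k], k
            result[name] = value
        else:
            result[name] = None
        i = j + 1   # step over the separating comma (or run off the end)
    return result


def glob_match(pattern, s):
    """sshd-style pattern: '*' matches any run, '?' one character, nothing else is special."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, s) is not None


def from_allows(pattern_list, client_addr, client_hostname=None):
    """Evaluate a from= pattern list as sshd(8) PATTERNS describes: a matching
    negated ('!') entry rejects immediately, otherwise any positive match accepts.
    CIDR entries are tested against the address; name/wildcard entries against
    the address and (if sshd resolved one) the client hostname."""
    matched = False
    for pat in pattern_list.split(","):
        negate = pat.startswith("!")
        pat = pat[1:] if negate else pat
        if "/" in pat:
            try:
                hit = ipaddress.ip_address(client_addr) in ipaddress.ip_network(pat, strict=False)
            except ValueError:
                hit = False
        else:
            hit = glob_match(pat, client_addr) or (
                client_hostname is not None and glob_match(pat, client_hostname))
        if hit and negate:
            return False
        matched = matched or hit
    return matched


def key_allowed_from(line, client_addr, client_hostname=None):
    """Would sshd consider this key for a client at client_addr at all?
    Only a from= option restricts the source; the comment plays no part."""
    options, _keytype, _key, _comment = parse_authorized_key(line)
    opts = parse_options(options)
    if "from" not in opts:
        return True
    return from_allows(opts["from"], client_addr, client_hostname)


if __name__ == "__main__":
    for addr, name in [("192.168.0.20", None), ("192.168.0.13", None),
                       ("10.0.0.5", None), ("10.0.0.5", "build.example.com")]:
        verdict = "allowed" if key_allowed_from(SAMPLE_LINE, addr, name) else "rejected"
        print(addr, name, "->", verdict)
```

Two practical points fall out of this: editing the comment (or deleting it) changes nothing about which key is accepted, and hostname patterns in `from=` only match when sshd actually resolves the client address (see `UseDNS` in sshd_config), so CIDR patterns are the more dependable way to pin a key to a source network.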
2

It's not clear which of the many ssh-related files you mean, but the main one that collects and stores addresses is the known_hosts file (~/.ssh/known_hosts and, if configured, /etc/ssh/known_hosts). This stores the keys for hosts that you have connected to and is used to attempt to prevent man-in-the-middle attacks.

When you make a connection via ssh to a remote host it will send you its public key. Your ssh client will check known_hosts:

  1. If you have previously connected it will compare the key it has just been sent with the one it stored earlier.

    • If they are the same, all good: the connection proceeds.
    • If they are different the client stops the connection and issues an error message.
  2. If you have not previously connected, your client will display the fingerprint of the remote host and ask you to confirm its authenticity.

    • If you authenticate the key, it is stored in known_hosts for later use (see above).
    • If you don't authenticate the key the connection is stopped.
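The three outcomes in that list, as an added example that is not part of the answer above and not OpenSSH's own code: a small reader for known_hosts that matches the first field (plain names and addresses on one line, `[host]:port` for non-default ports, and the `|1|salt|hmac` form written by `HashKnownHosts yes`), compares the stored key of the same type with the one the server presented, and computes the `SHA256:` fingerprint the client would show on first contact. The known_hosts content, the key blobs and the salt are all constructed for the example; nothing here is a real server key. Note that a known_hosts entry carries no comment field at all, which is why the hostname in a key file's comment tells you nothing about what a client will trust.

```python
import base64
import hashlib
import hmac

# Constructed sample data: these base64 blobs are not real host keys, they only
# stand in for the key field you would find in ~/.ssh/known_hosts.
GOOD_KEY = base64.b64encode(b"constructed ed25519 blob for bastion").decode()
RSA_KEY = base64.b64encode(b"constructed rsa blob for git server").decode()
IMPOSTOR_KEY = base64.b64encode(b"constructed blob presented by an impostor").decode()
_SALT = b"constructed-20B-salt"   # HashKnownHosts uses a random salt; fixed here for the example


def hashed_host_field(host, salt=_SALT):
    """Build the '|1|salt|hmac' host field that HashKnownHosts yes writes:
    base64(salt) and base64(HMAC-SHA1(salt, hostname))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


# Constructed known_hosts: a name and an IP on one line, a non-default port, a hashed entry.
KNOWN_HOSTS = "\n".join([
    "# constructed sample ~/.ssh/known_hosts",
    "bastion.example.com,192.0.2.10 ssh-ed25519 " + GOOD_KEY,
    "[git.example.com]:2222 ssh-rsa " + RSA_KEY,
    hashed_host_field("hashed.example.com") + " ssh-ed25519 " + GOOD_KEY,
])


def fingerprint(key_b64):
    """The fingerprint ssh shows on first contact: SHA256 of the raw key blob,
    base64 without '=' padding, printed as 'SHA256:...'."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_field_matches(field, lookup):
    """Match the first known_hosts field against the name the client is looking up."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), lookup.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return lookup in field.split(",")


def check_host_key(known_hosts, host, keytype, key_b64, port=22):
    """Reproduce the client's decision from the answer.

    Returns (verdict, fingerprint) with verdict one of:
      'ok'        a stored key for this host and key type matches
      'mismatch'  a stored key of this type exists but differs (possible MITM, abort)
      'unknown'   no stored key of this type: ssh prompts with the fingerprint"""
    lookup = host if port == 22 else "[%s]:%d" % (host, port)   # how ssh stores other ports
    fp = fingerprint(key_b64)
    seen_type = False
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue   # comments; @cert-authority / @revoked markers are not handled here
        fields = line.split()
        if len(fields) < 3 or fields[1] != keytype:
            continue   # a host having one key per algorithm is normal, not a mismatch
        if not host_field_matches(fields[0], lookup):
            continue
        seen_type = True
        if hmac.compare_digest(fields[2].encode(), key_b64.encode()):
            return "ok", fp
    return ("mismatch" if seen_type else "unknown"), fp


if __name__ == "__main__":
    for host, ktype, key, port in [("bastion.example.com", "ssh-ed25519", GOOD_KEY, 22),
                                   ("192.0.2.10", "ssh-ed25519", IMPOSTOR_KEY, 22),
                                   ("hashed.example.com", "ssh-ed25519", GOOD_KEY, 22),
                                   ("git.example.com", "ssh-rsa", RSA_KEY, 22)]:
        print(host, port, check_host_key(KNOWN_HOSTS, host, ktype, key, port))
```

The port handling is the edge case that bites most often in practice: a host first contacted on port 2222 is stored as `[git.example.com]:2222`, so the same server reached on port 22 is "unknown" again and you get a fresh fingerprint prompt rather than a mismatch. When you do get the mismatch warning, compare the fingerprint against one obtained out of band (for example `ssh-keygen -lf` on the server's own host key file) before touching known_hosts.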
